---
title: "NixOS"
sidebar:
  order: 4
---

NixOS deployments can use our **module** to easily manage their validator. It creates a systemd service with a production configuration

:::caution

The current example does not support remote signers yet. We will expand the guide once [horcrux](https://github.com/strangelove-ventures/horcrux) support is implemented.

:::

## Configuration

Below is an example configuration.nix which can be used in production.


```nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    union.url = "github:unionlabs/union";
  };
  outputs = { self, nixpkgs, union, ... }:
    {
      nixosConfigurations.testnet-validator =
        let
          system = "x86_64-linux";
          pkgs = import nixpkgs { inherit system; };
        in
        nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            union.nixosModules.unionvisor
            {
              system.stateVersion = "23.11";
              # Base configuration for openstack-based VPSs
              # If using elitak/nixos-infect, use the hardware and network configuration provided by nixos-infect
              imports = [ "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix" ];

              # Allow other validators to reach you
              networking.firewall.allowedTCPPorts = [ 80 443 26656 26657 ];

              # Unionvisor module configuration
              services.unionvisor = {
                enable = true;
                moniker = "your-testnet-moniker";
                network = "union-testnet-10";
                seeds = "SEED_NODE_ADDRESS";
                node-key-json = .path/to/node_key.json;
                priv-validator-key-json = .path/to/priv_validator_key.json;
                root = "/var/lib/unionvisor";
                home = "/var/lib/unionvisor";
                app-toml = .path/to/app.toml;
                client-toml = .path/to/client.toml;
                config-toml = .path/to/config.toml;
              };

              # OPTIONAL: Some useful inspection tools for when you SSH into your validator
              environment.systemPackages = with pkgs; [
                bat
                bottom
                helix
                jq
                fastfetch
                tree
              ];
            }
          ];
        };
    };
}
```

You can then deploy the configuration by running:

```sh frame="none"
GIT_LFS_SKIP_SMUDGE=1 nixos-rebuild switch --flake .\#testnet-validator --target-host user@validator.domain -L
```

## Interacting with the Node

After the system has been switched to this configuration, Unionvisor will be ran as a `systemd` service.

You can view the logs of Unionvisor with `journalctl`:

```sh frame="none"
journalctl -xfeu service.unionvisor
```

You can call the current `uniond` either through Unionvisor binary, or by running the linked binary under `$UNIONVISOR_HOME/uniond`. By default, the `$UNIONVISOR_HOME` will be under `/var/lib/unionvisor`. You can also find the home files of your node containing state and config under `$UNIONVISOR_HOME/home`.

## Upgrading

To upgrade to newer versions, simply run

```sh frame="none"
nix flake update
GIT_LFS_SKIP_SMUDGE=1 nixos-rebuild switch --flake .\#testnet-validator --target-host user@validator.domain -L
```

This will pull in the latest changes to union configurations and prepare your node for future upgrades.
